Privacy Implications of Retrieval-Based Language Models

TL;DR

Retrieval-based language models, while improving interpretability and factuality, pose increased privacy risks by leaking private data, necessitating careful design and mitigation strategies to balance utility and privacy.

Contribution

This study is the first to analyze privacy risks in retrieval-based LMs, especially $k$NN-LMs, and explores mitigation techniques to enhance privacy without sacrificing utility.

Findings

$k$NN-LMs are more prone to leaking private data than parametric models.

Simple sanitization can eliminate privacy risks when sensitive information is easily detectable.

Decoupling query and key encoders improves the privacy-utility trade-off.

Abstract

Retrieval-based language models (LMs) have demonstrated improved interpretability, factuality, and adaptability compared to their parametric counterparts, by incorporating retrieved text from external datastores. While it is well known that parametric models are prone to leaking private data, it remains unclear how the addition of a retrieval datastore impacts model privacy. In this work, we present the first study of privacy risks in retrieval-based LMs, particularly $k$NN-LMs. Our goal is to explore the optimal design and training procedure in domains where privacy is of concern, aiming to strike a balance between utility and privacy. Crucially, we find that $k$NN-LMs are more susceptible to leaking private information from their private datastore than parametric models. We further explore mitigations of privacy risks. When privacy information is targeted and readily detected in the text, we find that a simple sanitization step would completely eliminate the risks, while decoupling query and key encoders achieves an even better utility-privacy trade-off. Otherwise, we consider strategies of mixing public and private data in both datastore and encoder training. While these methods offer modest improvements, they leave considerable room for future work. Together, our findings provide insights for practitioners to better understand and mitigate privacy risks in retrieval-based LMs. Our code is available at: https://github.com/Princeton-SysML/kNNLM_privacy .